fix: resolve gosec integer overflow and unconvert issues
- Fix G115 integer overflow by changing the uint32 comparison to an int comparison
- Remove unnecessary int() conversions for syscall constants
- syscall.Stdin/Stderr/Stdout are already int type
parent
9e35bf21a3
commit
abcc7b6c3a
@ -83,19 +83,19 @@ func DecryptWithPassphrase(encryptedData []byte, passphrase string) ([]byte, err
|
|||||||
// This version is for unlocking and doesn't require confirmation
|
// This version is for unlocking and doesn't require confirmation
|
||||||
func ReadPassphrase(prompt string) (string, error) {
|
func ReadPassphrase(prompt string) (string, error) {
|
||||||
// Check if stdin is a terminal
|
// Check if stdin is a terminal
|
||||||
if !term.IsTerminal(int(syscall.Stdin)) {
|
if !term.IsTerminal(syscall.Stdin) {
|
||||||
// Not a terminal - never read passphrases from piped input for security reasons
|
// Not a terminal - never read passphrases from piped input for security reasons
|
||||||
return "", fmt.Errorf("cannot read passphrase from non-terminal stdin (piped input or script). Please set the SB_UNLOCK_PASSPHRASE environment variable or run interactively")
|
return "", fmt.Errorf("cannot read passphrase from non-terminal stdin (piped input or script). Please set the SB_UNLOCK_PASSPHRASE environment variable or run interactively")
|
||||||
}
|
}
|
||||||
|
|
||||||
// stdin is a terminal, check if stderr is also a terminal for interactive prompting
|
// stdin is a terminal, check if stderr is also a terminal for interactive prompting
|
||||||
if !term.IsTerminal(int(syscall.Stderr)) {
|
if !term.IsTerminal(syscall.Stderr) {
|
||||||
return "", fmt.Errorf("cannot prompt for passphrase: stderr is not a terminal (running in non-interactive mode). Please set the SB_UNLOCK_PASSPHRASE environment variable")
|
return "", fmt.Errorf("cannot prompt for passphrase: stderr is not a terminal (running in non-interactive mode). Please set the SB_UNLOCK_PASSPHRASE environment variable")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Both stdin and stderr are terminals - use secure password reading
|
// Both stdin and stderr are terminals - use secure password reading
|
||||||
fmt.Fprint(os.Stderr, prompt) // Write prompt to stderr, not stdout
|
fmt.Fprint(os.Stderr, prompt) // Write prompt to stderr, not stdout
|
||||||
passphrase, err := term.ReadPassword(int(syscall.Stdin))
|
passphrase, err := term.ReadPassword(syscall.Stdin)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("failed to read passphrase: %w", err)
|
return "", fmt.Errorf("failed to read passphrase: %w", err)
|
||||||
}
|
}
|
||||||
|
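Review bot: Dropping `int()` around `syscall.Stdin` and `syscall.Stderr` in ReadPassphrase only type-checks on platforms where those are `int`; on Windows they are `syscall.Handle`, so `term.IsTerminal(syscall.Stdin)` and `term.ReadPassword(syscall.Stdin)` would not compile there. The page does not show this file's build constraints, so if it is built for Windows either add `//go:build unix` or keep a conversion with a scoped suppression such as `term.IsTerminal(int(os.Stdin.Fd())) // #nosec G115 -- fd fits in int`. Separately, `term.ReadPassword` returns a `[]byte` and the function returns `string`; the tail of ReadPassphrase is outside the hunk, but the passphrase presumably ends up in an immutable string that cannot be wiped, which deserves a sentence in the doc comment.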
@ -36,7 +36,7 @@ func InitDebugLogging() {
|
|||||||
_, _, _ = syscall.Syscall(syscall.SYS_FCNTL, os.Stderr.Fd(), syscall.F_SETFL, syscall.O_SYNC)
|
_, _, _ = syscall.Syscall(syscall.SYS_FCNTL, os.Stderr.Fd(), syscall.F_SETFL, syscall.O_SYNC)
|
||||||
|
|
||||||
// Check if STDERR is a TTY
|
// Check if STDERR is a TTY
|
||||||
isTTY := term.IsTerminal(int(syscall.Stderr))
|
isTTY := term.IsTerminal(syscall.Stderr)
|
||||||
|
|
||||||
var handler slog.Handler
|
var handler slog.Handler
|
||||||
if isTTY {
|
if isTTY {
|
||||||
|
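Review bot: The `F_SETFL` call kept as context at the top of this hunk passes `syscall.O_SYNC` as the whole flag word and discards all three results, so it replaces stderr's existing status flags (for example O_APPEND or O_NONBLOCK) instead of adding to them, and a failure is silent. On Linux, fcntl(2) documents that F_SETFL cannot change O_SYNC at all, so the call likely has no synchronous-write effect there. If the intent is to add the flag, read the current flags first with `flags, _, _ := syscall.Syscall(syscall.SYS_FCNTL, os.Stderr.Fd(), syscall.F_GETFL, 0)`, pass `flags|syscall.O_SYNC` to the set call, and check the returned errno. InitDebugLogging starts and ends outside the hunk.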
@ -64,7 +64,7 @@ func TestDebugLogging(t *testing.T) {
|
|||||||
|
|
||||||
// Override the debug logger for testing
|
// Override the debug logger for testing
|
||||||
oldLogger := debugLogger
|
oldLogger := debugLogger
|
||||||
if term.IsTerminal(int(syscall.Stderr)) {
|
if term.IsTerminal(syscall.Stderr) {
|
||||||
// TTY: use colorized handler with our buffer
|
// TTY: use colorized handler with our buffer
|
||||||
debugLogger = slog.New(newColorizedHandler(&buf))
|
debugLogger = slog.New(newColorizedHandler(&buf))
|
||||||
} else {
|
} else {
|
||||||
|
@ -308,7 +308,7 @@ func DeriveBase64Password(masterKey *hdkeychain.ExtendedKey, pwdLen, index uint3
|
|||||||
encodedStr = strings.TrimRight(encodedStr, "=")
|
encodedStr = strings.TrimRight(encodedStr, "=")
|
||||||
|
|
||||||
// Slice to the desired password length
|
// Slice to the desired password length
|
||||||
if uint32(len(encodedStr)) < pwdLen {
|
if len(encodedStr) < int(pwdLen) {
|
||||||
return "", fmt.Errorf("derived password length %d is shorter than requested length %d", len(encodedStr), pwdLen)
|
return "", fmt.Errorf("derived password length %d is shorter than requested length %d", len(encodedStr), pwdLen)
|
||||||
}
|
}
|
||||||
|
|
||||||
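Review bot: `int(pwdLen)` in the new length check of DeriveBase64Password narrows on 32-bit builds, where a `pwdLen` above `math.MaxInt32` becomes negative, so `len(encodedStr) < int(pwdLen)` is false and the guard passes instead of returning the error. The slice that follows is outside this hunk, but the comment says it cuts to the requested length, so it would presumably panic rather than fail cleanly. Widening both sides keeps the comparison lossless on every platform: `if int64(len(encodedStr)) < int64(pwdLen) {`. The same applies to `len(encoded) < int(pwdLen)` in the DeriveBase85Password hunk below.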
@ -332,7 +332,7 @@ func DeriveBase85Password(masterKey *hdkeychain.ExtendedKey, pwdLen, index uint3
|
|||||||
encoded := encodeBase85WithRFC1924Charset(entropy)
|
encoded := encodeBase85WithRFC1924Charset(entropy)
|
||||||
|
|
||||||
// Slice to the desired password length
|
// Slice to the desired password length
|
||||||
if uint32(len(encoded)) < pwdLen {
|
if len(encoded) < int(pwdLen) {
|
||||||
return "", fmt.Errorf("encoded length %d is less than requested length %d", len(encoded), pwdLen)
|
return "", fmt.Errorf("encoded length %d is less than requested length %d", len(encoded), pwdLen)
|
||||||
}
|
}
|
||||||
|
|
||||||
|